Why Phishing Training Is Important

The prankster’s goal was simple: to trick White House staff into responding to fraudulent emails for nothing more than a cheap thrill. With little to gain from the endeavour, the prankster’s efforts were basic.

The trickster wrote a simple email purporting to be from Donald Trump’s son-in-law, Jared Kushner. He sent it off to Tom Bossert (at the time Homeland Security Advisor). And he waited to see if the security advisor would respond.

The importance of phishing awareness training

The nature of the prank alone goes a long way to demonstrating the importance of phishing awareness training.

The phishing email required no advanced technical prowess to deploy. And, as it was targeted, it was unlikely to be caught by phishing filters.

So long as emails are carefully crafted, there’s a chance they will work.

Using human behaviour as a “weapon”

Knowing how important the content of the email would be, the prankster set about using, in his words, “human behaviour and weakness” as his “weapon” of choice.

The email – being supposedly sent from the President’s son-in-law – already carried an air of authority. It took the form of an invitation to a private party – so also flattered its target. A well-placed joke established rapport.

It dinged three powerful areas of the human psyche: authority, flattery and rapport. As such, it prompted the at-the-time Deputy Assistant to the President for Homeland Security and Counterterrorism (to use the full title) to respond – handing out his personal email address to a total stranger.

Phishing scams affect businesses every day

While the prank ended there, it doesn’t take much imagination to work out where the story could have gone. A more malicious actor might have used the thread to deploy any manner of malware and/or elicit some of the most sensitive information in the world.

Perhaps because of how simple they are to manufacture, phishing attacks are on the rise. Phishing training is undoubtedly important… and it urgently needs to move beyond the compliance-based phishing training and cyber security packages currently on offer.